At 04:10 PM 3/5/2004, Alan Shutko wrote:

Checking against hostname has never been exceptionally secure.

You realize that someone could just send a different referer header?

Alan, I'm working on a rewrite now and am concerned with properly doing things. Could you please advise on how to best prevent this type of exploit, given that a check of referer against a hard-coded hostname is not so good?


Thanks in advance.

Marty Landman Face 2 Interface Inc. 845-679-9387
FormATable DB: http://face2interface.com/Products/FormATable.shtml
Make a Website: http://face2interface.com/Home/Demo.shtml
Free Formmailer: http://face2interface.com/Products/Formal.shtml


